CVE-2016-4803

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
30/06/2016
Last modified:
12/04/2025

Description

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:* 3.3.1 (including)